Analysis

  • max time kernel
    121s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230621-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20230621-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    02/07/2023, 19:09

General

  • Target

    Malicious_7c21c286be4275774638aff516766958fc4fde15e22605e84f923d8540f0d00e.dll

  • Size

    64KB

  • MD5

    05b5d61d10b768d4543a108789f807db

  • SHA1

    1e24ac9ee23c1242749482bede713937df20ed67

  • SHA256

    7c21c286be4275774638aff516766958fc4fde15e22605e84f923d8540f0d00e

  • SHA512

    5d1fadf5a9047c910fbf097992659bfe19e7cde61303f7681ed0fefba844ae794748a3c7ec1fbff92014d3f7b6954febe308599d7234fed7444f7e7c4f9bb6f4

  • SSDEEP

    1536:roBHSfku/TguqNKM6C6E+YUv3EXmYOiKsU:roBS8Q0R68Xys

Malware Config

Extracted

Family

icedid

Campaign

2046050

C2

calldivorce.fun

Signatures

  • IcedID, BokBot

    IcedID (also tracked as BokBot) is a banking trojan capable of stealing credentials.

  • IcedID First Stage Loader 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\Malicious_7c21c286be4275774638aff516766958fc4fde15e22605e84f923d8540f0d00e.dll
    • Suspicious behavior: EnumeratesProcesses
    PID:3024
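The process entry above shows the sample being executed with regsvr32 /s from the user's AppData\Local\Temp directory, the usual hand-off for an IcedID first-stage loader DLL. The following detection helper is an added example written for this page, not a signature from the sandbox: it scans constructed process-creation events (field names modelled on Sysmon Event ID 1) and flags regsvr32 loading a DLL from a user-writable location, recording whether the silent switch was used. The event list, the directory markers and the Finding type are all assumptions made for the example.

```python
"""Flag regsvr32 silently loading a DLL from a user-writable directory.

Hypothetical detection helper written for this page; it is not part of the
sandbox's signature set.  The input events below are constructed to mimic
process-creation telemetry (Sysmon Event ID 1 style fields).
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Directory fragments a standard user can write to without elevation.
# Loader DLLs are usually dropped here before regsvr32 is invoked on them.
USER_WRITABLE_MARKERS = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\downloads\\",
    "\\programdata\\",
    "\\users\\public\\",
    "\\windows\\temp\\",
)

# First DLL/OCX argument on the command line: either a "quoted path" or a bare one.
_DLL_ARG = re.compile(
    r'"([^"]+?\.(?:dll|ocx))"|([a-z]:\\[^\s"]+?\.(?:dll|ocx))', re.IGNORECASE
)
# /s (or -s) as a standalone switch: regsvr32 then shows no success/failure dialog.
_SILENT = re.compile(r"(?:^|\s)[/-]s(?=\s|$)", re.IGNORECASE)

# Constructed events: the first mirrors the process entry in this report, the
# second is a benign vendor install from a protected path, the third is noise.
SAMPLE_EVENTS = [
    {"pid": 3024, "image": "C:\\Windows\\system32\\regsvr32.exe",
     "cmdline": "regsvr32 /s C:\\Users\\Admin\\AppData\\Local\\Temp\\"
                "Malicious_7c21c286be4275774638aff516766958fc4fde15e22605e84f923d8540f0d00e.dll"},
    {"pid": 4100, "image": "C:\\Windows\\system32\\regsvr32.exe",
     "cmdline": "regsvr32 /s \"C:\\Program Files\\Vendor\\driver.dll\""},
    {"pid": 5212, "image": "C:\\Windows\\explorer.exe", "cmdline": "explorer.exe"},
]


@dataclass(frozen=True)
class Finding:
    pid: int
    dll_path: str
    silent: bool


def extract_dll_path(cmdline: str) -> Optional[str]:
    """Return the DLL/OCX path passed to regsvr32, or None if there is none."""
    m = _DLL_ARG.search(cmdline)
    if not m:
        return None
    return m.group(1) or m.group(2)


def is_user_writable(path: str) -> bool:
    """True when the path sits under a location a non-admin user can write to."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def check_event(event: dict) -> Optional[Finding]:
    """Apply the rule to one process-creation event."""
    if ntpath.basename(event["image"]).lower() != "regsvr32.exe":
        return None
    dll = extract_dll_path(event["cmdline"])
    if dll is None or not is_user_writable(dll):
        return None
    return Finding(event["pid"], dll, _SILENT.search(event["cmdline"]) is not None)


def scan(events: Iterable[dict]) -> List[Finding]:
    """Run the rule over a stream of events and collect the hits."""
    return [f for f in (check_event(e) for e in events) if f is not None]


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(f"pid={hit.pid} silent={hit.silent} dll={hit.dll_path}")
```

The rule keys on where the DLL lives rather than on the sample's hash, so it also catches renamed or re-packed loaders; a vendor installer registering a COM server from Program Files (the second constructed event) does not fire. Tune USER_WRITABLE_MARKERS to the directories your own imaging leaves writable.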

Network

MITRE ATT&CK Matrix


Downloads

  • memory/3024-133-0x0000000000F30000-0x0000000000F37000-memory.dmp
    Filesize
    28KB
  • memory/3024-134-0x0000000000F30000-0x0000000000F37000-memory.dmp
    Filesize
    28KB